On Mon, Aug 26, 2002 at 05:08:02PM -0500, H D Moore wrote:
> On Monday 26 August 2002 16:47, Renaud Deraison wrote:
> > Question: if Nessus detects that a web server does not respect the HTTP
> > protocol, and therefore does not reply properly to the requests, should
> > it disable all the CGI checks altogether and issue a big fat warning
> > explaining why the web server was not tested instead ?
>
> No, there are some fairly simple ways to detect these servers and avoid
> false positives using the current no404 system. A small change to the
> nessus library code and a new no404.nasl solved all of the false positive
> issues we have run into.
I fear your method will also create false negatives. My main concern is
that your patch does not follow the redirections. However, it seems that
some server will tell you that when you request :
GET /cgi-bin/foo HTTP/1.1
That you should actually have requested
GET /cgi-bin/foo/ HTTP/1.1
(this is especially true with the Host: argument).
Now, honnestly, I don't really know what to do with that - should we
follow the redirections and be prone to false positives very often, or
not follow them and be prone to false negatives less often ?
-- Renaud
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
